Smalltalk Tidbits, Industry Rants

Scott McNealy says IT is too complex:

"Our industry is way too complex," he said. "A lot of employees are delivering features that we want to build into products. Hence, (IT) is way too expensive."

McNealy said the IT industry's fixation on the components of computing, such as operating systems, application severs, network switches, and so on, is inane. "It's like throwing a piston ring on the table and saying, 'Drive to L.A.,'" he said.

Someone needs to show this guy EJB, and then ask him again about needless complexity. Pot, Kettle. Kettle, Pot....

The RIAA has settled its case against the 12 year old girl they sued - and they only extorted $2000 from her parents. Charitable sorts, these music industry people....

Ed Foster talks about how popular Product Activation is (snicker). He also brings up a thought I hadn't had on the subject:

Several readers pointed out the security danger to customers if the next version of a Blaster-type virus were to succeed in crippling a software company's product activation capability. "What if the next version makes the XP and Windows 2003 registration site inaccessible?" wrote one reader. "Can you afford to have some of your servers stop functioning? I think these registration schemes can multiply a virus attack's disruption to the economy and the Department of Homeland Security should take a look."

That's an angle I hadn't even thought of - a worm who's payload action was to deactivate specific applications or operating systems. That would cause some pain....

We are fast approaching the release of Cincom Smalltalk (Fall 2003 Edition) - we expect to release in November. If you are a contributor of goodies to VisualWorks or ObjectStudio, we need any and all updates from you by October 15th - if you want them included in the upcoming release.

Leaving the sinking ship: Bill Joy leaves Sun. Now he can wear his tinfoil hat fulltime....

The Register explains again how the RIAA is winning friends and influencing people. Quick, call the PR people!

"I got really scared. My stomach is all turning," Brianna told the Post. "I thought it was OK to download music because my mom paid a service fee for it. Out of all people, why did they pick me?"

It turns out that Brianna's mum paid a $29.99 service charge to KaZaA for the company's music service. Brianna, however, thought this meant she could download songs at will. How naive!

When reporters charged into Brianna's home, she was helping her brother with some homework. She is an honors student at St. Gregory the Great school.

Remind me again why I should buy CD's?

BottomFeeder 3.1 has been released. There are a lot of improvements in this release:

• Better recovery from a corrupted/unreadable save file
• Better email and blog integration
• Much faster update loop
• Much lower memory footprint
• Support for reading the nascent Atom syndication format
• Ability to delete or preserve individual feed items

And, as they say, lots more. Check it out - if you have the 2.9, 3.0, or current dev version, simply use the upgrade tool to grab the latest components. If you don't have it installed, or have an older version, go the site and download the app.

I had been wondering how systems like Seaside dealt with transaction points (for instance, the point where you actually buy the books on Amazon). In a system that handles 'Back' by rolling back the context, this seemed like an issue to me. Well, this morning Avi addresses that point in a post.

And people wonder why we say that Smalltalk productivity is higher than things like C++. Seriously - how in the heck do you test anything with a 14 hour turn-around time? I'm sure that individual sub-systems can be tested without the full thing being recompiled - but that testing - by its very nature - won't be comprehensive. I can see why the security of MS operating systems is so bad, and - I expect it won't be getting better. Gads - 14 hours? How can anyone actually work like that?

Scoble references David Coursey, who seems to think that the tablet pc, handwriting recognition, and translation services are going to be huge. IMHO, he misses one very, very simple thing - even those of us who type slowly can do so faster than we write longhand. The tablet pc will have some interesting niche applications - but handwriting is not going to replace typing anytime soon.

Sam's got the details on the upcoming preview release of Pollock.

CNet News points out that the RIAA is starting to sue suspected file swappers. Boy, they really know how to win friends and influence people, don't they?

The subject of object or schema migration is quite large, and I'm hardly an expert on most of it. There is an area I can talk about with some authority though - migrating old versions of objects forward when using BOSS. Here's the situation - say you save objects to disk (what Java developers would call serializing them). Flash forward a bit, with the objects still on disk, but the definition of the object having changed (i.e., you added or removed instance variables). So, for instance, say you had this when you saved the objects to disk:

Smalltalk defineClass: #Item
	superclass: #{TextObject}
	indexedType: #none
	private: false
	instanceVariableNames: 'read guid '
	classInstanceVariableNames: ''
	imports: ''
	category: 'Viewer'

and you changed it to this:

Smalltalk defineClass: #Item
	superclass: #{TextObject}
	indexedType: #none
	private: false
	instanceVariableNames: 'read guid category'
	classInstanceVariableNames: ''
	imports: ''
	category: 'Viewer'

Well, now there's an issue - the old objects had 2 instance variables, the new one has three. What do you do? Well, you create some class side code that tells the BOSS framework how to migrate the objects forward:

binaryRepresentationVersion
	"current version number for BOSS"

	^'1.0'

binaryReaderBlockForVersion: oldVersion format: oldFormat
	" An attempt is being made to read instances of
	an obsolete version of this class.  Answer a block
	that converts old instances (represented as an array
	or string of instance variable values) to new ones."

	oldVersion == nil
		ifTrue: [[^self nilBinaryMigrationBlock].

The first method answers the version number - this will be encoded with every object you save in BOSS format. When it's read in, this version number is available (it's nil if you never assigned it). The second method determines how to handle migrations - in this case, by sending a message based on the inbound version. That method - nilBinaryMigrationBlock above - actually contains the block that will do the migration. Given the examples we started with, it might look like this:

nilBinaryMigrationBlock
	| inst |
	inst := self basicNew.
	^[:oldObj | 
	| newObj sz array|
	sz := self allInstVarNames size.
	newObj := Array new: sz.
	newObj 
		replaceFrom: 1
		to: oldObj size
		with: oldObj
		startingAt: 1.
	oldObj become: newObj.
	oldObj changeClassToThatOf: inst].

What does that do? It creates an array (which matches the instance variable slots), and then copies all the old attributes into the array up to the old object's size. Now, this method is written somewhat naively - on the assumption that there are N new attributes. If you dropped attributes or changed their order, you would have to write the code based on that. Still, this gives you an idea of what's happening. What you end up with is a new object, with all the old object's data - see the #become:.

The beauty of this is that you can do it with live systems - more than once, I've had to change the shape of the object used for blog entries - and I've managed that with schema migration. It's a powerful technique - but also easy enough to trip over. If you change the shape of an object rapidly (as you initially develop an application, for instance, or under rapidly changing requirements) - it's easy enough to get the older migration methods wrong (especially if you are sometimes dropping attributes). If you need to do this with a production system with important data, testing is absolutely required

This is just odd. You kind of have to read it....

Then you should start with Avi's post, and then work your way through Chris Double's posts - here and here

The 3.1 release of BottomFeeder is approaching - the things we wanted to get done are done, and a number of bugs and limitations have been addressed. The latest change was to the xml recovery file. Clearly, I took the wrong approach the first time - I have 158 feeds, and the recovery file was 35mb - and took a very long time to save. So in the latest dev build, that recovery file saves only the structure - the feed information, the folder structure - but not the items. That makes the file dramatically smaller, and makes save time reasonable.

The Baltimore Sun has a story on the rising tide of passwords and access codes that we all have to deal with - the primary subject of the story has 279 of them - and thus has to cheat by storing them in an encrypted file on a handheld.

That's one solution. The more common one, I'd guess, is to have only a handful of passwords that you use for everything. Both solutions have their drawbacks - if either is compromised, you pretty much get hosed off fully. There's not really a solution for this using passwords; we need biometric solutions so that we eliminate the memory problem altogether.

Charles Miller points out that the human side of security is often the weakest link - your firewalls and intrusion detection systems are worthless if you let someone cart your systems off. The story talks about terror links, and Charles speculates about drug dealers - but that doesn't seem right to me. Industrial espionage, on the other hand, sounds to me like a possibility. Why try to hack a system to get a look if you can just walk off with it?

We have another new blogger on the site - Sam Shuster, who will be focusing on Pollock development. Pollock is the next generation UI framework for VW - it's been under development for awhile, and a pre-release of it will be shipping in November with VW 7.2 (for other news on the November release, look here). In the meantime, look to Sam's Blog for all things Pollock - as lead developer, he'll have the answers.

I made a few updates to BottomFeeder over the last few days that should make things nicer:

• Fixed the error notifier you get at startup if the feed file couldn't be read.
• On save, your feeds and feedlists will be backed up in an xml formatted file. If the faster loading binary file cannot be read at startup, the backup xml file will be used, if it's present
• Fixed a bug in the OPML import/export code. The link and url were reversed in the writer

These modifications should make it more pleasant to work with the development upgrades, for those of you tracking them.

If you want the full LoTR experience, looks like New Line will take your money. December 16th, at some theaters, they'll be doing a marathon - extended edition of the first 2 movies, followed by the premier screening of "Return of the King". Start training your bladder now; check here for details.

Mark Watson goes off on a rant about proprietary file formats. I was right there with him, until he got to this:

I would like to see legislation passed in the U.S. that would prohibit the government from using any business related software that did not support an export to archive XML option. I would like to see mandated practices in government to call for saving to this easily readable format.

What schema in XML? What tags? XML can be every bit as proprietary as any other format. Even if the document is all human readable, there's no guarantee that the tags will have any semantic meaning to anyone in particular. Is he advocating a specific xml format? If so, which one? Is there a widely used xml schema for word processing type documents? This kind of suggestion sounds great on the surface, but it's just not that simple....

Scoble on OpenOffice:

Hmm. It's not how good your word processor is. It's how well it integrates into everything else. But, can we move beyond documents yet? I use my weblog tool about 200x more often than I use Word (and I use Outlook 10x more than I use my weblog tool).

There are so many things wrong in those few words. First, most people don't care how well their word processor integrates with everything else - as long as it gets some of the core functionality right. Word sucks, and has sucked since at least 2.0. Just try to put a bullet point where you want it, for instance. Fix the damn product, then (maybe) I'll give a damn about the supposedly cool integration features. Secondly, those same integration features are at the heart of the security issues with Office - you know, the ones I can't actually fix. Go page your hero Ballmer and tell him to pay less attention to the morons at the BSA and more attention to those of us that pay actual money for your products. Third, blogging? Are you serious? Go around to end users - corporate and consumers - and ask about blogging. When 98% + say huh??? to your questions about blogging, maybe you'll realize that it's still mostly a niche activity. Fourth, don't even get me started on Outlook. That virus attracting plague of the modern world is a bane on the industry. The sooner IT shops ban the damn thing, the better.

Or as Dennis Miller likes to say - but that's just me - I could be wrong.....

Michael Lucas-Smith found Niall Ross' ESUG report. Niall takes very comprhensive notes; recommended.

Joe Bacanskas has a great announcement for Gemstone users - you can use Store to manage your GS sources now!

After a fairly long hiatus, I would like to announce the release of a relatively stable, relatively functional version of Gemkit for StORE. Included in the archive are an introductory PDF, a gs-filein and a parcel/pst pair. This release implements moving code back and forth from GemStone to VW. Also included is a basic, but correctly functioning comparison mechanism. This mechanism will compare GS code between GemStone and VW/StORE. Please find the download at:

http://wiki.cs.uiuc.edu/DOWNLOAD/GemStone/gemkit.tar.gz

All feedback, fixes, enhancements, etc. greatly appreciated. Please note, this was built and tested on Linux/x86 (and Mac OSX). I haven't tested on mixed Windows/*NIX environments because I don't own a Windows machine. If there are any problems with the mixed scenario, they will be with the GemStone class definitions being seen as changed due to line-end conventions. I don't think that will be a problem, but I haven't tested it, so be careful. ;-)

Great news!

A few years ago, I said that within 5 years there would be some new faddish language/system that would start to turn developers heads. Sure enough, here's a story out of Yahoo on that subject. As .NET gathers buzz, I expect to hear a lot of wailing and gnashing of teeth....

Don Park gets overly optimistic about a 'standard' api for wikis:

Also, I haven't mentioned anything about standard organizations.  Just get few key players together and bang out a common syntax and API that works.  The common syntax doesn't have to be used directly by 'puncs' who are already used to their own local brew.  Just use it as an exchange format.

Clearly he hasn't been following the atom goings on carefully enough. Once you start trying to do something 'simple' like agreeing on a common syntax, you start having disagreements. You can't get a 'simple' api by asserting a wistful desire to have one; it takes some actual work. I might as well express a desire for a pizza, and expect it to be delivered - without actually ordering it...

Jeffrey Zeldman talks about how IE may change in response to the eolas suit. Lots of people discounted this back in the 90's when it was filed; now some judgee has decided it's valid. This is why I don't discount the possibility of real damage from the SCO suit - there's simple no telling what any given judge will do in these cases....

0xDECAFBAD comes out with a suggestion on white hat worms:

I'm thinking that "white hat" virii and worms are one of the only things that will work, since I'm very pessimistic about the user culture changing to be more responsible. Though, what about a compromise? Install a service or some indicator on every network-connected machine, somewhat like robots.txt , which tells friendly robots where they're welcome and where they're not. Set this to maximum permissiveness for white hat worms as a default. The good guys infect, fix, and self-destruct unless this indicator tells them to stay out. Then, all of us who want to take maintenance into our own hands can turn away the friendly assistance of white hat worms. It's an honor system, but the white hats should be the honorable ones anyway. The ones which ignore the no-worms-allowed indicator are hostile by definition.

There's only one problem with this theory - we've already got some of this going on, and it's causing as many problems as the black hat worms. I was hit with a 'white hat worm' - the one that tried to fix damage from Blaster - 2 weeks ago. The problem is most people, if they got a well intentioned (but faulty) worm hosing their system, wouldn't know how to fix it. Then there's the whole interesting issue of black hat worms masquerading as good guys and coming in with an invitation. I don't think this idea has a lot going for it...

The NYC Smalltalk will hold its next meeting on Wednesday September 17th, 2003.

Date	Sept 17th, 2003
Location	Suite LLC offices
Address	440 9th Avenue, 8th Floor
Time	6:30pm to 7:00pm -- Open house 7:00to 8:30 pm

Part 1 Reuse through Totally Objects Frameworks David Pennington Totally Objects - The Smalltalk Resource

Part II Round Trip Objects - an Emergency Claims system experience report Dan Antion American Nuclear Insurers West Hartford CT .

Directions:

Take E or C train to 34th (Penn Station) walk to corner of 34th and 8th. Walk up one block to 9th.

RSVP is requested. Please send mail to: charles@ocit.com with subject line of: NYC Smalltalk May 28th, 2003

Scoble tells us that MS wants us to patch Office installs. The problem is, MS clearly has other priorities. I can't install the patches without my Office install CD - which is buried somewhere in my office. There is no frelling reason they need that CD to install patches - so here I sit, unpatched and vulnerable - because some halfwit at MS has stupid ideas....

Blaster is not the last thing that will come through and play smackdown with Windows systems on the net. There are too many extant vulnerabilities, and too many systems that haven't been patched, and likely won't get patched. Here's a leading example of the problem:

Microsoft needs to take its own patching medicine. I have it on pretty good authority that even though Microsoft made the security patch that could have headed off Blaster available weeks before the worm hit, it didn't patch all of its own servers inside the company. I've heard 47 servers running Microsoft's Passport Internet-authentication software had to be taken down on August 12 (day two of Blaster) for "emergency maintenance."

You may recall that Microsoft failed to patch a number of its own servers against the SQL Server Slammer worm back in January, exacerbating the effects of the attack. Wasn't once enough?

Virtually no one stays up to date on patches. It's manually intensive work, and it's always something that you can put off until later. And tasks that can be put off will be put off. Sure, XP can be set up to auto-patch. But that's not a solution either - some patch updates don't work right - there are simply too many hardware combinations in the PC world for auto-patching to be a fully reliable thing in all cases.

What would be the safest course of action? Well, if I were setting up an IT infrastructure right now, I'd look long and hard at FreeBSD and Mac OS X....

Up until 2 years ago, I traveled extensively - in the 150,000 air mile per year range. I'd been doing that for years, and when you travel like that, you get used to it - hotels and chain restaurants start to become very familiar, and - to some extent - it's home that seems odd. I got off that though, and now I'm usually working out of my office, here at home. I travel infrequently now - maybe once every few months I have to go somewhere. Once you stop traveling all the timee, you notice just how disruptive it is. The waiting at the airports, the interruption of the daily routine. I find that I'm very accustomed to getting up, getting my coffee, and checking my newsfeeds and email. Travel disrupts that. I guess once you get off the travel windmill, it's very hard to get back on it.

Ben Hammersley reports that cyberwar is real:

Via the Taipai Times: China has launched a systematic information warfare campaign against Taiwan, spreading Trojan-horse programs into private companies' computers as a means to break into government databases, the Cabinet said yesterday.

Pretty soon we'll need to keep a scorecard to tell the teenage misfit hackers from the cyberwarriors....

This trip to Corporate has already been a success. First, I got one our marketing people set up with a blog - he wanted to try it out locally (just on his machine) for awhile. That got done this morning. This afternoon, I got my laptop's keyboard replaced. The following keys were double typing - e, t, o, i, a, s, u. Imagine trying to get anything done with a keyboard that did that. The guys in IS tell me that the keyboards on these dells - the Latitude 500's - have been a real problem. I hope this keyboard holds up better than the last one did...

Wired News reports on software issues associated with the recent blackout:

"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."

A short time later, a technician at the Midwest Independent Transmission System Operators, the group that monitors the Midwest power grid, expressed frustration with FirstEnergy's failure to diagnose the problems erupting in their power system.

"I called you guys like 10 minutes ago, and I thought you were figuring out what was gong on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.

"Well, we're trying to," replied Snickey. "Our computer is not happy. It's not cooperating either."

Leaves me wondering - was First Energy one of the outfits that jumped headfirst iinto J2EE land back in the late 90's, re-writing all their systems? Were they one of the places where lots of consultants with no domain knowledge at all did large parts of the system? It would be interesting to find out....

Off to the gate again, to see if I finally get to Cincinnati....

InfoWorld has a column flogging security products in order to protect your company from vpn carried worms and virii picked up at home. I'm all in favor of having people take more precautions; I just got an object lesson on that, for instance. What I expect a lot of clue free IT managers to push for - no remote connections....

CNET News.com warns that recent versions of Office (MS) have a few vulnerabilities - including a buffer overflow issue in VBA. This affects every version from Office 97 up. Want to take bets on those all gettiing the appropriate patches? I'm still gettting inundated with Sobig.F emails - proof that, even after a virus storm, plenty of systems stay unpatched.

Remind me again why IT groups don't look at OS X?

Taegan Goddard's Political Wire has an interesting quote from Dave Winer -

Dave Winer says it's "not surprising to me" that weblogs "have become such an important part of the early 2004 presidential campaign. I expect this campaign will take place more on the Web than it does on TV networks."

I don't think so. While blogs and RSS are reaching the mainstream, I bet you would still get a huh from most people if you asked them about a blog. One key to knowing when this has changed - when you see blogs finding their way into TV character conversations. I knew Google had reached a wider audience as soon as the phrase "I'll google him" started showing up on TV....

Since I was sick last night, I didn't even try to make my early morning flight to Cincinnati. When I finally did get up, I felt a lot better, and decided to make the trip - off to the airport. Things started well - they gave me a standby ticket for no charge, and it looked like I'd get they by late afternoon. But Whoa there - not so fast! The flight was delayed. And delayed. And delayed. They started announcing that connections would be blown. The follow on flight got cancelled - so my standby started looking dicier. Off they sentt me and 3 others, by cab, to DCA. So I get here, check in, and find out that the flight I'm standing by for is oversold. Whee. There's another one - 15 minutes later - that I can probably make if I run from the one gate to the next, if I don't get on. This just gets better and better.....

There's been quite a lot of posting on continuations recently - especially by Avi. This morning, I see that Chris Double is talking about how to preserve continuations via seriialization.

CNet News has a story on SCO's latest move - an attempt to get Linux users to cough up license fees by sending out invoices. Linux analysts are recommending a go slow approach:

Stacey Quandt, an independent Linux analyst, said companies should wait to see how the current SCO lawsuits end before acting.

"I can't see why a company would pay this, since it is all based on allegations and hasn't been proven in court," she said.

The companies to which SCO sends invoices are likely high on its list of candidates for lawsuits, according to Quandt.

"SCO continues to use tactics of brinkmanship, and it is certainly possible that the companies that get invoices could become future defendants," she said.

The circus begins....

I had just about the worst 24 hour bug yesterday that I can ever recall havinig. I went to bed at 7, and gott up at 9. I felt awful last night - fever, upset stomach - the whole 9 yards. But whatever it was, it passed. Weird.

Ted Leung found something interesting - the MS PDC is going to provide live blogs for the show. I agree with Ted; this is soon going to be an expected thing

Email dead? For publishers of newsletters, it's getting to be. People don't want to sign up for fear of more spam - and many of the ones who have signed up are filtering them out - with overly aggressive spam filters. Listen to Chris Pirillo:

"E-mail is dead, period," declares Chris Pirillo, the Internet entrepreneur who distributes about 400,000 e-mail newsletters weekly. "I don't care what kind of legislation goes through, people aren't signing up for newsletters anymore. People are assuming that every e-mail publisher is a spammer."

Pirillo's Lockergnome has begun actively directing subscribers away from e-mail subscriptions, touting RSS (Rich Site Summary or Really Simple Syndication) instead as a foolproof way to avoid the spam bottleneck.

I've seen this personally - my sister is doing side work as a website developer now, and one of her recent jobs involved generating an email to site subscribers. It took her awhile to figure out that mails going to AOL subscribers were being blocked - even though they had opted in - due to the hrefs in part of the message. It's now at the point where you simply cannot guarantee that any email will reach its destination. Marketing simply has to find an alternate route in