QWERTY

SUN

2009-02-03T21:45:00.001-05:00

SUN is a great company when it comes to technological innovation but has failed to convert it into profits. Most of the people seem to blame their sales and marketing folks. I have seen this first hand in my domain also that for some reason they are unable to sell their products to non-technical folks even though their product is technically better than some of their competitor.
My thought is that they need to be acquired. I think there are two options

A technology company with strong sales and marketing that have complementary set of technologies and wants to provide top-to-bottom technology stack. A company like CISCO comes to mind.
A hosted solution company developing solution platform (currently called cloud platform) which can leaverage the deep hardware and software know how embedded in the firm to develop solutions on the specific stack.

Or hopefully SUN will be able to build a better sales and marketing team AND product designers rather than product engineers.

Jumpstart

2008-12-02T21:19:00.001-05:00

How do you jumpstart a blog that has been dead for almost 3 years. But there are times in life when you need to just shrug off and start doing what you want to without thinking for an explanation of past. In that sense, I think, India stands at the same juncture at this time.

Beyond the sadness, anger and frustration I have felt as an ex-mumbaikar (it being one of my favorite cities), Indian and human; it has been painful to see some of my close relatives feeling threatened for themselves and their kids lives.

At this point terrorists have explored various methods to terrorize Indians. They started with large bombs that created significant stir but not enough terror. This was probably because these were few and far in between due to amount of logistics and money involved. They then tried to attack the metropolitan cities with such big bangs but due to the nature of attacks it affected the class of people that did not have the luxury to feel terrified. In past one to two years, there has been significant attempt to develop the strategy of using small low intensity attacks in crowded areas of tier I and II cities. But I think beyond the simple element of surprise, increase in civil vigilance resulting from such an attack could make carrying out such attack significantly tougher going forward. This time (Nov 26th, 2008), it seems, there was an attempt to attack the strata of society that has felt somewhat safer so far. Even though attack tried to cover the entire cross-section of the society in Mumbai, due to the way it played out, coverage in media has become somewhat limited to the various hotels that were under seige.

Some of this reminds me of the way things took to worst in 80s between separatists in Punjab and India. The capital of New Delhi was converted into a big battleground with small intensity blasts in public places. I still remember public service ads telling people to stay away from unclaimed/stray goods. This whole thing reached a turning point when the PM Indira Gandhi was gunned down by her own security guards. This incident put the Indian govt on offensive like never before and resulted in significant clampdown on the separatists.

I sincerely hope that our government and we as citizens treat the Mumbai attack at that level and make a significant attempt to raise the bar before the next set of attacks. I am sure in next few days the media will be filled with concerned people who would be sharing thoughts and ideas on how to make things better. But the real challenge, as always, will be to go to next level and attempt to continue to convert the thoughts and ideas into actions. In that sense, this act of terrorism seems to have happened at a time when the govt is under significant pressure due to the elections. In addition to that, there seems to have been an attempt by the influential people (with the help from media) in various verticals to push for reforms at various levels to ensure that such a thing does not happen going forward.

Only the time will tell whether this day would be just another day in the the list of days on which terrorists won or a day on which India resolved to never let others take the Indian concept of "chalta hai" attitude for granted.

x86 Virtualization: Keep moving

2006-01-10T10:16:00.000-05:00

The virtualization process on the x86 platform has really taken off in the market. The best part is that this process has taken place in both directions.
The hardware virtualization process has been moving at a fast pace (especially in development environment, production environment seems to be a different story or may be I do not know the story) with availability of both vendor products like VMWare ESX, Microsoft Virtual Server and opensource products like Xen 3.0 (on Intel IVT and AMD's Pacifica chips - still looking for a big yes from the community on whether it works). I guess when something like this becomes an important part of the development environment for a small company like mine, I think it really has moved far along.
At the same time, the virtualization has been developing from top to bottom starting with language (like Java and .NET). This means that at the moment we have two virtualization environment i.e. at the top and at the bottom with Operating System in the middle.
Isn't it time to start the virtualization process for the OS itself? The product like Azul seems to have taken some steps toward that but being language dependent and properitory designs, they do not fit the bill of OS virtualization. Is this time to really start thinking about completely moving away from the monolithic kernels like Microsoft Windows and Linux and start adopting the Micro-kernel architecture (or that version of existing OS) so that people can pick and choose the components to build the environment such that if you are running servers, you can remove all the User Interface components from the operating system without the need of recompiling the kernel of the Operating System. This way you can pick and choose the components that you need to build the OS environment and hence different components for each of the part of the OS so that systems can leaverage built-in features of chips to make a smaller memory and storage footprint and more efficient systems.

Protegrity: Database Encryption

2005-12-01T07:35:00.000-05:00

Need to get more information about what is really going on and how this technology can help in data privacy initiatives.

Application Dependency Scanner

2005-12-01T07:32:00.000-05:00

May be worth something to look at for basic applications. But, my basic problem still remaind dynamic dependencies added due to configurable class names, etc. So it probably may not help. Another thing to look at!!

A Recipe for Newspaper Survival in the Internet Age

2005-11-30T16:00:00.000-05:00

Lessons

Some of the readers know more about the subject, so allow them to contribute
Others know less about the subject or may have personal agenda. Let "community" handle them via "moderating system" (I think editors also must play a big role in the moderation till the community is not big enough to be self-regulating)
Malicious, obscene content should not be reason for not opening up to readers. Let moderation or editor take care.
reader vs advertiser - well if reader make the medium trustworthy, in long run you will have more revenue. besides that allow advertisers to reply to the things.
Go "Local" and advertise local
Think internet as mainstream medium to grow since all others are being reduced.

Java XML Tech

2005-11-17T19:57:00.000-05:00

JDOM
- http://www.jdom.org/

DOM4J
(Better) - http://www.dom4j.org/

STAX
- http://dev2dev.bea.com/xml/stax.html

JAXB
- http://java.sun.com/webservices/jaxb/
- https://jaxb.dev.java.net/

Castor
- http://www.castor.org/ XStream
- http://xstream.codehaus.org/ Jaxen
- http://jaxen.org/
Nux
- http://dsd.lbl.gov

James Strachan: Is Ajax gonna kill the web frameworks?

2005-11-17T19:36:00.000-05:00

Good Discussion!! The major points seems to be

When Client needs to receive remote events (obviously not by polling since that adds burden on server)
A very complex "windowing" GUI with a lot of local event generation, validation, etc which can be too much for javascript which is an interpreted (thus slower) language. - My interpretation
If the processing rely too much on the business state/session which contains sensitive data (hence needs to be stored some where safe) and in world of SOA there is no place to save them!! - My interpretation
Too much pain w.r.t. browser incompatibility and immature frameworks and tool support
In-house applications do not need them since the customer is on uniform platform.
Debuggin Javascript on browser is terrible - But faster since no compile step and also firefox has good tools(I think)
- JSEclipse - Not good Enough

Cisco Moves Linksys into Small Business Market

2005-11-14T17:09:00.000-05:00

Wow!! $62 per user! that seems way too high. What's with these service companies and their love with "per user" price. Why can't they service on "per channel" or "per connection" basis along with very basic fees for maintainance. This would make much sense for those companies that would like to give service access to all their employees but all their employees would not be using the system at the same time.
This model basically seems applicable to all the network based service where all the people would not be accessing the service all the time.

Trails: .8 Released

2005-11-11T07:51:00.000-05:00

I am not sure whether this is better than the earlier products that I looked at.

The Evolving CIO's Technologies

2005-11-04T11:19:00.000-05:00

"SOA" - anyhow, anywhere, anytime
Document Management
BPM/Workflow
Virtualization of OS, Storage & VPN, Wireless Network
Application streaming(??)
Opensource desktop
Grid

AJAX Framework Comparision

2005-11-03T10:00:00.000-05:00

Good Selection!! Need to revisit

WSSE 3.0

2005-11-03T08:01:00.000-05:00

WSSE implements WS-* which is standard for interoperability. Digital signature, Authentication/User Token, WSE 3.0 does -
Security easier, integration with WCF,
---------||------||--------> Client Server <--------||------||--------- 6 Turnkey scenarios scenarios 1.

        send encrypted message 
        send encrypted large key
      ---------||------||-------->
Client                                    Server
(Public Certificate)                       (private key)
large key                                    
      <--------||------||---------
         send user/password encrypted with large key

Use policy file to get it done
WCF - Shipped with Vista. WSSE 3.0 wire level interoperability with WCF.

-----------------------------------------
|Secure|Reliable (new)| Tx      |             |
-------------------------------
|Soap  (Message)                   |   WSDL   |
------------------------------------------
| XML/XSD (data)                                  |
------------------------------------------
| http    (transport)   | TCP |Custom(UDP) |
------------------------------------------

With 3.0, the ASMX besides the basic services can be hosted as a service along with websire

Bob Lee: Generating sequence diagrams with aspects

2005-11-03T00:07:00.000-05:00

Indead a very good use of the concept of aspecting. I have not been able to understand the use of aspecting in the development and product code. Even the much touted logging usage does not make sense since it does not capture the business event for which you have to write specific event information through logging API directly.
But it seems the Aspect has found a good use in the debugging and understanding the applications' features.

OctetString Engineer Says ‘Caching is Evil’

2005-11-02T17:34:00.000-05:00

Ran into this comment which took me to above article. Besides the basic marketing stuff, the thought/comment did go into the core issue of why cache.
The idea of cache and cache management arises from the basic tussle between performance and data freshness. If you need better performance you will go with cache (well designed to have good cache hit and low cache miss) while if freshness is important cache may not be your cup of tea (unless designed so that updates flow into cache from datasource).
With regards to that, the cache has its place in identity management for data that for which the cache expiry or update speed is much higher than rate of data staleness (like first name, last name, email id, contact information) while it would be not so good viseversa or if freshness of data overrides performance requirements.

Airlines Trying To Cut Out The Middlemen... Again

2005-11-01T09:12:00.000-05:00

Is the middleman finally going out of business especially if these service provider use eBay or google base to publish their data.

Oracle Hands Developers a Free, Open-Source Database

2005-11-01T08:56:00.000-05:00

I did not see any thing about open-sourcing the database.

RIFE/Crud 1.0: CRUD scaffolding for RIFE released

2005-10-29T22:38:00.000-04:00

Two promising technologies in two days and both do not seems to be going the way i think this development process should move. This process comes closer to my idea of how ultimately the request processing is a workflow which uses component to get the work done. This idea comes quite well in this technology. My issue is with reinventing the wheel. I would have really like the product to use a workflow definition language for achieving the request flow and data flow. On an initial review it looks like it borrowed the idea from the BEA/Apache Beehive (did i get it right?). But I would really have loved the idea of extracting database schema or from entity relationship diagram and generate objects or vice-versa automatically and drawing the request and data flow using GUI instead of editing xml and in a workflow language instead of developing your own.
The meta-data about data constraints is fine but that can not be extended to Web interface. Now what needs to be displayed as editable or non-editable and sorting decisions are not a business logic decision (as it can be an authorization decision) and thus should not live with the bean definition. It is a interface decision and should be part of that!! This is where even I am stuck w.r.t. to how to tie the workflow to interface. What is the answer? But that is a separate topic...
The technology does look promising and can work as inspiration for other technologies...

How Many Times Should We Pay For Our Software?

2005-10-29T21:23:00.000-04:00

Article just tells me that the market is maturing w.r.t. vendors getting ready. I have thought that PC is most likely a temporary path to go tho next step where people will move from accessing content using personal medium through a shared medium (similar to the way cable system evolved). With regards to this at this point the market needs to figure out the model. I think the mediums would be hosting the software and people may be ready to pay monthly rent for the service. Now the medium could be cable, phone/optical fiber or utility provider (may be electricity or who knows the water utility).
Lets leave it at that and let the market figure it out!!

Google And IBM Team Up Search Technology

2005-10-29T20:30:00.000-04:00

Interesting development!! I have always liked the idea of using google desktop search as a corporate knowledge management tool once some facility has been built to securely control and access the agents running on the individual desktop. I have had some thoughts on doing this for my own company but never got time around to do that.
Besides that I guess it is great way to capture the two ends of the information i.e. databases and desktops. I am not sure whether google search appliance could not look into these database and hence google has to depend on IBM for this type of data. Another thing which brings to life is the issues people had with desktop search at the start i.e. it brought out unwanted things from the system. Guess this goes to the idea of privacy and data access control i.e. what is searchable and what's not.

Paranoid Penguin - Single Sign-on and the Corporate Directory, Part I

2005-10-28T23:22:00.000-04:00

Now that was the quickest way to build the infrastructure and the consultants are just sucking the money for doing nothing :)
Guys lets not build something, attach "identity management" to it and tell the world we have solved the issue in 1 section. This article may be good for a small university or a Small business. Anything more than that the SSO and "identity management" is very huge project which may run from 4 months to 3yrs and needs a lot of things.

Microsoft's Vigilante Investigation of Zombies

2005-10-28T22:21:00.000-04:00

This brings back the whole idea of > if you leave door of your house unlocked and some body comes in, looks around and leaves is it punishable > if you leave door of your house unlocked and some body comes in and drinks water from your tap (is that a good analogy for wireless access point for basic web surfing) and leaves is it punishable > if you leave door of your house unlocked intentionally and some body comes and are caught is it punishable.

Attention podcasters

2005-10-28T22:13:00.000-04:00

The idea of annotating pictures is not new but doing that with video and audio!! May be that is how the next generation search engines would be able to make sense out of these type of contents till we figure out a way to dicipher an arbitirary piece of audio and video.

Artificial Scarcity, Garbage Collection and the Long Tail

2005-10-28T18:44:00.000-04:00

Great Article!!

the anatomy of a standard

2005-10-28T18:09:00.000-04:00

Redirect This!! Hmm... a money making/analytics scheme! I do not think that is the way to get it done. It seems to be more of a browser feature which allows you to select content from a website and then blog that. This way the content website does not have to change but at the same time the user is able to "grab" the content that is important for him.
Now only way a third party can get involved in this process is by making sure that user is not violating the copyright by reprinting the information which means that it can provide the capability of generating "URLs" to address the content of interest instead of displaying the entire website by may be just selecting the stuff or running autogenerated greasemonkey scripts on website on the browser.

A Prescription for Novell's "Cold Realities"

2005-10-28T17:51:00.000-04:00

This is where it becomes apparent that just having great product set, and great relationship with developer does not help unless, you do not get the message across well to your customers who are more likely to be the CIO et,al i.e. your sales and marketing!!

A me shaped hole in the web and other thoughts from Internet Identity Workshop 2005

2005-10-28T17:44:00.000-04:00

hmm... identity noise (great concept!! though morally questionable)
and difference between enterprise and individual needs w.r.t. identitity seems to come from the basic idea that enterprise is an individual that is formed by collection of individual that have purposely chosen to relenquish some of their identity, culture,etc to come together. So, eventhough in private or outside the enterprise an individual can practice and implement his beliefs (obviously under law) , the enterprise has relinquished some of his beliefs and requirements for greater good of enterprise. I think l lost my chain of thought some where....

OpenToro Version 3.0 Released

2005-10-28T17:27:00.000-04:00

First Thought -
Ahh!! finally a product that my father can use (if packaged properly) probably with Open Office database to develop an application for his office. And then reading through the tutorial I think he would lose interest some where around editing XML.
Damn!! will have to wait longer before Microsoft Access will be out of his machine!!

evolutionNext: "Inline XML in Java Code? WTF?"

2005-10-28T17:14:00.000-04:00

Now the things are really going out of hand. The basic java language has been very stable and got the work done (may be not always). These additional "features" which cater to the latest fads is not going to help the language. It will just make the language more bloated and we will start running into the issues like those with operator overloading in C++.
I really miss the simplicity of C !!

Symantec to unleash 'Big Brother' on the world

2005-10-14T08:43:00.000-04:00

Hmm.. I am not sure how this system is helpful without the identity flowing with the request. Most of the applications that connect to database using proxy users and auditing/monitoring based on it is not very useful since it can not be tied back the the users that is running the query. So, we need the next generation monitoring and auditing applications to be able to track the actual user identity. I would be expecting the Application server providers and database providers to develop such technologies to audit and monitor the user id end-to-end. I am not sure how well the network security by them selves or Host security by themselves will be able to crack this market.
Let's see

SOA Maturity Mockery

2005-10-13T13:00:00.000-04:00

As far as I remember, the CMM maturity model has nothing to do with how you can achieve the level. Another important point being that by default in CMM model, every body is on Level 1. So even though there are good points made by the author, I think he does not understand the concept of CMM and how it just assign the level to the company based on the audit. So a company does not have to go from Level 1 to Level 2 but if there is a long term strategy developed, the company can go to level 3 directly if they can prove what they are trying to achieve here is good for level 3.

Free the Data

2005-10-13T12:39:00.000-04:00

Hmm.. and loose the thing that makes money and further more allow other to make money from that. Does not make a lot of sense, just like a lot of business models that did not make sense back in dotcom days. Even then the idea was to build the service and set it free. They will come, like my cute little service, and start paying for that once I ask for the money. Well we all know what happen to those services. We have to understand that this model does not work unless you are a very large company and the product/data you are selling out is not the core of your existance or does not bring any money to you. And that is why the products being opensourced by big company are products that have outlived their shelf life or are not making any money for the company.
That is why you need a syndication model in place. The content generators will sydicate the content and get paid for allowing other to get access to their data. The idea here is that, content/data can not be set free for a long time because creation of data takes time and money. Any model that sets the data "free" or uses free data to build services will be always in jeopardy. This is due to fact that such ideas look brilliant during the boom times or till you have not run out of VC's money and go down the drain as soon as the economy goes south.
This brings us to question why the almighty google and other service provides like msn and yahoo are providing data for free. Well we have to understand that, google is formost in the business of pattern recognition and not in content provider business. This pattern recognition business means that they need to lure the users using content to track and find general patterns which can help them build a system that can target ad and premium contents more precisely to the users. While other portals have to provide their premium content free since google is doing so or may be they are building the same structure behind the scene. So who knows when we will run out of free data!!

IBM Offers Best Practices to Open Source Foundation

2005-10-13T12:37:00.000-04:00

Seems like nothing more than making the theory free so that the people are going to purchase tools to implement the theory. There are theories in Computer Science on software development which would help anybody but without appropriate tools for them, they are useless from development point of view. I am not saying that theory being given out is bad (since it has been "used" by 1/2 million developers) but just that theory without the tools is as good as concept of turing machine without the mordern computers.

Drools Project Joins JBoss

2005-10-11T20:05:00.000-04:00

So finally the workflow engine, rules engine are coming together. I have been looking towards an integrated Workflow, rules engine and interface engine for easy product development for some time now. The SOA would need this interface engine for allowing users to interact with the SOA services. Where is this interface engine which is integrated with the workflow engine going to come from? Are XForms or any other web frameworks an answer to this?

Dan Farber on Web 2.0

2005-10-11T16:34:00.000-04:00

The article, got me thinking on the way content creation works on TV. I am not a TV history buff and so I may be wrong. The TV medium started out with only the big networks having the know how and money to create the content. This content was broadcast to the viewers. But as the time passed and more people became adept in the content creation process, the idea of syndication was born which allowed content creation to be separate from broadcasting. I think it is this idea that is one of the reason keeping google off the content creation wagon
MSN and Yahoo may continue to be content providers of the future with content providers like people (like columnists) and company (like big studio) syndicating the content to them. The google will be a "public access channel" which would allow users to create contents and publish to the world that would like to see them along with target advertisement?

Experts give identity management advice

2005-10-11T15:50:00.001-04:00

Points raised on

Process and System Integration are challenges
"Identity Management is viewed to be responsibility of employees in charge of physical security" This is totally against all my experience in financial industry where the identity management is typically part of the Risk Management group and that co-ordinates with physical and HR to develop and implement identity management solutions. But at the same time HR is the golden data source in most of the place.
"One ID across the organization" mostly a dream every body wants but nobody has (but there are instances where organization have been able to achieve it atleast for employees though not for customers.
"Biometric is the key to solve duplication" but biometric can not be converted into identifier. It is used as authentication data but not as identifier.

Deploying SSO and biometrics in the race to put ou…

2005-10-11T15:33:00.000-04:00

Deploying SSO and biometrics in the race to put ou…
Problem Solved: SSO
Product Used: Imprivata OneSign (Reduced Sign On)
Plus points: Appliance, Profile builder, Integration with fingerprint authentication
Issues:
Integration with Citrix in version 2.6 solved in 2.8
few minor issues
1) Missing finger (that was required by security policy) of one of the users.
2) Pressing finger too hard on device resulted in poor fingerprint profile making it useless for comparision.

Security: standards arent enough

2005-10-11T15:22:00.000-04:00

Security: standards arent enough:
Basic point that Web service security is not going to solve the security problem. I think every body understands that, WSS will solve authentication and authorization. For rest of the things like

Validate your input
Set size limits on your incoming data
Ensure the attachments do not have any "viruses", etc.

you will be on your own or purchase the XML firewalls. Another point being Security services must be centralized. Again a continuing trend which helps in consolidating the administration and security analysis.

You get what you pay for

2005-10-11T13:41:00.000-04:00

I very much agree with the basic idea that just like in any other country the price to get a person to break law depends on the purchasing power parity and the salary of the person being bribed. In addition to that the strength of the law enforcement and tangible and non-tangible cost that the person may pay also helps in setting the price of the bribe.
If the price that a person has to pay is raised high enough, it is very much possible to increase the amount that would make a person amenable to breaking his/her contract. In order to ensure that the invoices keep coming, it is important for company and country (to which work is being outsourced) to develop perception that they have taken adequate measures to increase the price for breach of security.
Even though I am not a great supporter of the outsourcing business, I have worked with companies in India and some of the large financial institutions (which are supposed to be most secure)in US. I think I have more faith on the measures implemented by the Indian companies than their US counterparts. This could be because I may have worked with best companies in India and not so good companies outside that country. So, it would be lot better to evaluate the company that you are outsourcing to rather than go by FUD generated by some people.

Symantec firewall Woes and solutions (Notes)

2005-08-24T17:17:00.000-04:00

I was having some problems with Symantec client firewall and gaim. Basically only yahoo was working properly and other protocol like jabber and msn messenger were not working. So finally found the following link which tells how to add the port 443 and 5222 (for talk.google.com) to HTTP Port list to get the gaim working with the Google and MSN. It is very interesting why this issue arises specifically for gaim when the MSN Messenger and Google talk work without any problem.
Another issue that I was running in to was that symantec firewall user session (that appears on the system tray) was crashing during initialization of the after login to windows. This was making the control of firewall very cumbersome. The Microsoft website did not give any specific reason for the crash. But today I noticed that after installing the Google Desktop 2 over the previous google Desktop, the firewall session did not crash.
When I tried to install the .Net Framework 1.1 the Client firewall crashed along with some nokia utilities (which were crashing previously), but the firewall seems to be stable after the re-start.

ERP: A thought!

2005-04-30T23:22:00.000-04:00

This is way out of my league since I have never worked with a single ERP product except to integrate with IDM solutions but the similarity was hard to miss. This came out of a brief discussion I had with my collegue where he was very adamant that ERP implementation is about sitting down and rebuilding the company's process around the product that was bought instead of the ERP fitting into the process that is already present. This to me is the same case of the IDM implementation where the Vendors/Implementation engineer want the companies to change their process to fit the product that they have purchased rather than viseversa. Even though I can understand that as a part of any IDM or ERP implementation the business process can be reviewed to make them more efficient but that does not mean that implementation has to mimic the product design because products were not built to support the requirements.
Besides that I think another issue with ERP was the non-existance of the service infrastructure that modern IT departments are building now. At the time ERP was being implemented, the product had to implement all the services like Identity, Acess Control, Audit, Transaction, workflow,and so on as part of their system. But now with the move towards more abstract service definition for things like Identity, Access Control, Workflow, the ERP systems can be lean mean systems that integrate with the existing infrasture instead of being a monolithic application that require so many consultants to get right the first time (because each of the ERP system is not an expert in developing all the capabilities into their product they end up implementing the feature the way they thing is the right way).
Assuming this is correct premise, the ERP implementations happened before their time. In case the companies continue on their part to built more abstract services, in the next decade the ERP systems may become very thin orchestration engine that tie all these services together. In order to stay relevant in that scenarios, these systems may have to become more audit and compliance driven that use BI technology (and input from human) to fine tune the orchestration without breaking any laws and trying to achieve the mission for its users.

OS Installation on VMWare 5.0.0: Notes

2005-04-14T14:36:00.000-04:00

I started working with the vmware and found it to be quite cool. As the first steps I installed Solaris 10 and SUSE Enterprise Linux 9. The basic issues that I faced were

Solaris 10 - All the CDs have to be installed after first reboot or else the system may end up in a weird state. For example I installed the first CD and then allowed it to reboot with the first CD in the drive, in that case it did not ask for any other CD and I was able to login through console since X11 was not installed. Then I tried installing the CDs 2&3 using the installer present in the root directory of the CD at which point everything was installed. After this I rebooted the server and started the X11 but I started having problem with creating directories in /home and could not load the CD (it failed with error that "device is already mounted or
is busy"). After that I completely reinstalled the OS and made sure that I changed the CD after the first CD is installed and then changed the other CDs to make sure all the CDs are installed before going through another re-boot. This seems to have done the trick and server came up fine with no major issue. The basic issue that I am facing is that the server does not have the hostname (because by default it expect it to be provided by DHCP) assigned to it even after assigning it in hostname.pc0 (the interface is named pc0). Need to look more at that!! Some links
- Basics
- Some pointers
- SUSE Enterprise Linux 9 The basic issue that I ran into was that the during installation the VMWare's "Graphic card" was not detected properly and the installation ran in text mode. The strange thing about the text is that it diplayed four separate screens two of which were updated but that made reading the screen very difficult.

Will keep adding stuff as I run into other issues.

CPR of Software performance

2005-02-15T06:52:00.000-05:00

While reading one of the articles on chip design I found that the ideas of Cache, Prediction and Replication were used to bump the perfomance of the chips. This is very interesting because most of the CRUD (create, read, update, delete) application also use the same concept (except prediction) to boost their performance. We do cache the data coming from databases and we do replicate the code across multiple servers to provide scalability. But the prediction is some thing that I have not seen in any product that I have worked with!! This is something that has bothered me for some time as to why is prediction not part of the JDBC implimentation or part of typical Object/Relational Mapping tools (need to check whether it is present in hibernate). I understand that even the basic implementation is going to be very complicated because we need the basic concept of finding patterns using both query and data, but this is a step that has to be taken to boost the application performance. I really need to find more information on any available product that already does this!!

Some thoughts on the UML and MDA!!

2005-02-01T13:55:00.000-05:00

So I am thinking of starting in to the world of MDA and UML 2.0 that is supposed to help you achieve all the benefits of the MDA. But before I start going in that direction, I wanted to put down what is it that I am trying to solve when I start developing application to solve a business model. Now based on my limited understanding of the application that I have worked with there are the following things that I should be able to represent in a modelling system.

Object Template (Class)Representation So basically in order to start modelling a system, we need to be able to model the entities of the system. These entity (in an object oriented world) will have Data/properties and methods. But I think we need to increase this list as follows
- Properties: This just like in object oriented world would represent the data that actually makes an object the object that represents an entity in real world.
- Method This represents the actions that can be performed on this object.
- Constraints Now most of the times this is something that is built as part of the implementation but I think we really need to allow people to set the constraints where the mouth is i.e. at the Design level. This will ensure that if required these constraints can be enforced by compiler or by the generated code either at the object definition level or better still extrapolate that to user/external input interface validation step. Now these constraints are contextual and thus have to be specified at the level where that context is complete which can be at object template level. These constraints could be for object creation, data validation, data dependency (like you can not have interest value without interest rate and principal amount), method invocation, object deletion and so on(TODO: need to complete this list).
- Relationship I some how feel that UML class diagram has not done enough justice to provide efficient representation of the relationship. Now typically the relationships are represented as an object template/class with pointers to associated object template(s) or as a line with relationship names and additional information about relationship type (many to one, one to one, etc) but you can not have both the features at the same time (or can you?). Another thing that I see missing in such a scenario is definition of reverse relationships like father, son and so on. Most of the times the relationship typically gets defines as a "is a" relationship and so the design would create a class for the relationship and later on a complete redesign would be needed in case the reverse relationship comes into picture. But instead in case the relationship could be defined as a separate entity that binds atleast two object, it will automatically get defined as a concept of "role" which is less restrictive in the sense that it can be assigned to or removed from the base objects as the system evolves. This idea will help the system representation grow more organically as the components become clear. So this provides us to avoid some basic design flaws during the design phase. These relatioship definition would obviously have associate properties, methods and constraints (for relationship creation, relationship deletion, relationship enforcements to name a few).
Use Case definition (or getting the work out of the system) This basically defines the work that we want to extract out of system and how the system components work with each other to achieve the same. There are a few things that I think are missing from UML.
- object selection constraint/rule definition The activity or sequence diagrams are used to describe the interaction between the various object instances during the performance of the use case. Now when we typically make the call from one object instance to another, we need to ensure that we are sending the message to or calling method on correct object. This information can not be built into the UML diagram since the nearest thing present in the diagram is the description name of the object. We need to be able to extend this model to be able to specify a constraint rule description the object selection rule. Now there is an interesting consequence to that. When we describe such a rule, this rule will have input variables that will have to be fulfilled by either calling object or the environment. In case this has to be satisfied by environment, it automatically brings in the concept of session into picture which is basically collection of minimum set of attributes that uniquely identifies a transaction/process (if the session is not being used as cache as most of people end up using it as).
- Business Logic Most of the business logic can be divided in to two types: Business Process and Business Rule. The business process basically defines a series of steps that need to be performed which involve interaction with external entities like Person, Web Service, Database or other application modules. This is represented very well by sequence diagram (and its extensions). But not all aspects are represented very well through activity diagrams. For example, it does not allow you to specify what are the inputs needed from the users or how to express the input interface to the user using a platform or technology independent way like XUL (though not the best example) or may be a new standard. This requires that the Interface Design itself should be part of the business logic and should be expressible in technology independent format which can then be used to generate platform specific code during next stage.
  Business Rule on the other hand basically represents basic business algorithms like interest rate calculation or user access control calculation which can be evaluated given all the inputs are available. This piece of the business logic is typically missing from the UML diagram (is it?).
Deployment Definition Now an important part of the architecture is the decision of how to deploy the model that has been defined. Now the platform and technology used to deploy an object will decide how the interface will get designed. For example, if the event trigger comes from a user and that is deployed over web, then the interface will be a ASP.NET or J2EE(JSP) implementation while if it is implemented in client server environment, then the client may have to a swing application or a windows application. So it is at the deployment level, where we have to make the choices about the technology and then the next step would be code generation!! Once we have have such a platform ready with automatic code generation capabilities, it is not very far to be able to see large computers being able to simulate using the hardware specifications and software specifications (like how many CPU instruction is taken up by specific kernel call), whether the specific deployment is the best implementation in terms of throughput, response time and other QOS parameters before going into production over a specific architecture (I really would like to see that in my lifetime), like we are able to do for chip designs.
Aspects An important part of the architecture is the basic generic services that are shared by most or all modules which may or may not be part of the original system models. These include the services like logging and mesurements (Error/Performance monitoring, reporting and correction), audit, security (authentication, authorization, privacy), performance enhancer (cache, replication, prediction), middleware and so on. These are now a days termed under aspect (am i correct?) which are supposed to be integrated with business logic but do not form integral part of the same. It is very important to be able to integrate the aspects in to the business logic at the deployment level (so that we can change them based on the technology constraints, Policy constraints and so on) and will vary based on the deployment configuration selected. So for example, an interface is selected as client-server on NT environment, then it may make more sense to use Window based Kerberos security for authentication vs using token based authentication in case the Web based application.

Most of these thoughts may be representation of me not understanding the capabilites of the UML diagrams and may be its me that needs to do a catchup rather than vise versa. So let me begin my quest for the same...

3 Dimensional Alert!!

2005-01-27T10:12:00.000-05:00

Yesterday I finally posted a letter that was waiting for a very long time. That triggered the use case of a GPS enabled phone/PDA/ that allows you to set appointment in 3 dimensions (I am not sure about the height though). So the idea would be that you will have your favorite destinations like your home, office, favourite store stored during cofiguration. Then when you need to get milk, you can set up the alert with milk and location. So on your daily trip back home, it will trigger as soon as you reach near the store.
Another important addition that I can think of is that the precision factor should be configurable for the location and associated quite time. So in case you are about 10 feet from the grocery store, it will remind you. Also in case you are in office on the 10th floor and you have a letter box nearby, it is not going to bother you every time you walk over to the window.

Browser NG: Some weird thoughts

2004-06-28T20:44:00.000-04:00

Hmm.. so I finally got around to start using the firefox 0.9 last week. The requirement came due to some issues that I encountered with Internet Explorer(see below for more information) and whether it was a Browser issue. Any way I have shifted completely to this new browser but so far I have not been able to find the wow factor for this tool so far. Well as a self-proclaimed geek I do like some things like DOM Inspector and the Java Script Console (even though a small icon at the bottom telling that there was error would make more sense), I see the features as just an extension of basic browser facilities of rendering the content generated by the content provider. Isn't it time that we gave the control over to content redering to client/user? This control can start with simple things like

Setting Page Properties Allowing Client to set the automatic refresh on a page which does not have a REFRESH Tag embeded to it(will this be construde as denial of service attack?)
Web Site Macro Recording and playing Record the sequence of events on the browser for a user and then automating that sequence (obviously incase of any problem, the user should be able to take over) when user accesses the web site. This ensures that you directly go to the page that you want to and not be bothered by things that are of no use to you.
Web Site Search Now that you have reached a site, would it not make more sense that the browser automatically searches the site for all the relevant pages and when you scroll over to a link tell you whether that is the best bet or even skip the pages to go to page with best match corresponding to a link(obviously having such a search capability at your fingertips would require really cheap and highspeed network access or the search engines could provide such capabilities which may already be there). And may be even have a sidebar with list of sites that closely match the content of the site that you are on (such a sevice will come from a search engine like google or yahoo or next big search engine).
Web Services Support With the growing acceptance of the webservices as one of the interface for providing service, it would be interesting if the browsers would provide the capability of rendering the Web Service interface as User Interface which can be used to invoke the web service and the response can then be rendered by either client side XSL or service provider side XSL.

Well incase we are comfortable with this level of customization, I think we have the existing technology to build Client Side Portals. I remember that around 99-00, Microsoft had this idea of active desktop which was solved as some sort of push or pull model system. The idea is similar to it but goes ahead and gives complete control to customers. The idea being that customers will be able to create their intelligent browser skins (for text data equivalent to CSS) which is customizable for rendering the information based on the space allocated for the site in the window and also tracks the users browsing habit(7/4/04:something similar), privacy concern incase of compromize of machine, and customizes itself to make better decisions about what user is trying to do on the web (well it may start by building stupid intelligence into the product and then we can go from there with continuous feed back from the users). I know I sound very naive to raise it, but is time to make the protocols like RSS standard on the web for content publishing in conjunction with HTML. This basically converts the entire web into one big blogosphere and the RSS Readers can be the next generation browsers with the improved skins to customize the client side portal with all the information that is needed. But is looking at the entire internet as blogosphere a right way to interpret it. May be it is a programmers' view of the world (remember the last time your manager was happy with the website immediately after web designer had updated the look and feel of the site after you had completed the functionality as if functionality was nothing in comparision to look and feel) of being able to access the content without getting bogged down by the look and feel components which reduce the content area. But I have a feeling that the concept of skin, if implemented well, will be accepted by the standard user who wants to give the personal touch to the whole browsing experience similar to for example choosing the colors to paint their house. But would that mean there would be no free sites (because the free content provider try to entice you to be on the website for longer time by developing the look and feel to achieve that and thus providing them with more opportunity to generate revenue through you)? May be that would be the case and content preview sites will come into the being which will agregate content (and will be subscribed by clients to decide what they want) from variety of providers and would allow you to decide which content you want to subscribe to and then you can use micro-payment for paying the content provider on per use basis. At the same time just like mordern bloggers and other people looking for non-tangible assets like fame, popularity or for altruistic reasons, will continue to provide content for free. But in absence of content provider funded art, how will the artist/mordern web designer survive? I do not know may be by directly selling their services and ideas to people who want to customize their portal to their liking in a way similar to how interior decorator sell their services to the clients. This whole thing seems too far fetched to be happening in next few years, but my feeling is that the user has to take back the control over the content and should be able to get the stuff that he is looking for.

IE Problem

Now the problem with IE which I noticed in version 5.5, 6.0 SP1 is as follows.

Create a website on a server that supports Integrated Windows Authentication using Kerberos (IIS in W2k domain will be the simplest).
In this site protect one of the pages with SPNEGO while leaving the other page to have anonymous access (well this is to simulate different applications with different authentication requirements)
Now if you try to access the URL protected by IWA from a machine where you have loggedin locally (i.e. not in domain), you should get a 401.1 or 401.3 error.
Now to increase the fun (or what my boss calls increasing usability of site), replace these default error pages with your own error page which redirect the person to a page not protected by IWA. And this page should post data to itself and show the posted data to simulate password based login process(simple ASP should do the trick).
Go ahead and try to access the protected page and then submit the data to IIS.
If you see that no data is POST you have succesfully simulated the problem.
Now change the redirect URL in error page to a directory instead of ASP file and make ASP file a default page. Try protected URL again and post the data.
Viola!! you should now start seeing the posted data.

Could not simulate the problem in FireFox 0.9(completely ignored the SPNEGO) or Opera 7.0 (just gave an error) since they do not seem to support SPNEGO or is it NTLM (can't be sure because not logged in to domain). Update 7/13 I have been getting more hits on support for SPNEGO in Firefox and thought that I will add the information for the people who look for the same on to this site. The Integrated Windows authentication can be performed by using NTLM authentication and Kerberos ticket based Authentication (Win2K and above). The FireFox supports the NTLM and so if you enable the Integrated Windows Authentication on IIS or corresponding authentication scheme on any other server, the server will send Negotiate and NTLM in supported authentication mechanisms. On XP (the platform I tested on) you will get a prompt for ID and password which will then be used to perform the NTLM authentication by FireFox. You can not disable the prompt for user id and password(not that I know of). At the moment there does not seems to be support for Negotiate Authentication scheme (Kerberos ticket based authentication like Internet Explorer) and thus provides a more user friendly reduced sign on solution. Another thing to keep in mind is that if the server besides IIS is used make sure that the server sends the NTLM header along with Negotiate header. If it sends only the Negotiate header (some of the SSO products send only the Negotiate header) the FireFox will not switch to NTLM for authentication and display the page returned by the server. Hope this helps!!

Standardization of XML or XMLization of standards and Services

2004-06-01T20:35:00.000-04:00

Well the title kind of gives the basic idea behind these thoughts i.e. what are the flood of XML based standards trying to achieve. The way I got initial understanding of the whole set of standard is

XML is good (mkay),
it is required to interoperate(mkay),
previous attempt at making computer talk to each other was bad(mkay)
Web Services are good and we can talk to microsoft(mkay)

But looking at it that way does not make a lot of sense to me.

XML is same

XML is NOT the solution to interoperability issue. period!!! As far as I understand the idea of interoperability is to make two machine talk same language and has nothing to do with making the protocol readable to human. The last time I checked my computers were still talking using a wierd language under the hood called binary. So what does XML has to do with interoperability issue and what was missing from DCE and CORBA that would not allow them to solve the issue. Let us look at the whole idea of making computers talk to each other. Most people agree that the computers talk to each other using protocols which is basically a language with its own word set. Now in order to allow two applications running on different machines the following approaches have been tried.

Same Code on both machine: which is what DCE tried to achieve. It had its own issue of not being available out-of-box on Mainframes (I remember hearing about DCE version on OS/390 from IBM which was very basic) and Windows. Besides that it was realized that porting the code to different environment itself resulted in a set of interoperability issues.
May or may not be same code but a very well defined protocol: Something that was tried with CORBA using binary tags and bunch of standards developed around it. Well implementation issues and associated inter-operability issues made sure the implementation from different vendors could not talk to each other.

So it seems that having standards do not solve the interoperability atleast in software world. Why? One reason could be that open standards are too open and providing a lot of leaverage to software implementations which results in interoperability issues(something that we can see with most of Web Service Standards). Another possible issue that seems to be important is that the standards follow the products and not vice-versa. This means that products come out with new features and then standards try to create specifications for the similar features provided by competing vendors resulting in a standard that is too late to give any incentive to vendors to interoperate. Hence any thoughts of establishing standards for low level product interoperability (like RPC, Message transport protocol) is meaningless. Then what is it that we are looking for in terms of standards that will help us achieve interoperability. We should be looking at Business Service Standards to help us achieve interoperability. This is what we should try to achieve via Service Oriented Architecture otherwise the whole SOA is of no use and will only result in development of another interface in front of business logic besides mainframe console applications, DCE, CORBA, HTML

XML is different

Then why should we bother with XML and the whole Web Service with WS-* and bunch of OASIS standards. Well looking at these pool of standards we have to realize that these are the foundation blocks on which we will be building these Business Service standards and these standards are just means to the end. In that sense we could have used any other low level open standards (like DCE, CORBA or DCOM if it was open). So how is XML different? One thing that we have to realize is that eventhough the interroperability is achieved between the machines, the standards are developed by human. So if you wanted the business groups of companies to get together and chalk out a Business Service standard at a global level, allowing them to define these protocols in human language(like english) would be more appropriate instead of binary tags. This means that the HR managers can get together and defines what are the Business Services they require to be automated, define the format of data that should be send around as protocols and standards. These standards can then be implemented by any product that must provide the corresponding HR Services. So now you do not have to develop the interfaces in-house using Java, .NET and instead you can buy the Business service interface as a commodity which is basically the code to provide interface. This code come with the application servers or as libraries from software companies focused on vertical segments or combination thereof. The developer would be require to write the pure business logic behind the service (which most of the time would already be present). Even though it would be better to have these standards define the aspects of service (like transport layer, Authentication level, Encryption level and so on), I think we may have to evaluate that during implementation and will require the developers to configure these Aspects of the protocol. Even though you can see some of such service standards taking shape on OASIS, I am not sure how much impetus we have from vendors. Most of the time I see them fighting over standards for low level services and not providing enough help to business owners to get to the next steps of standards i.e. business standards. Last week it seems like BEA started something on that front with TMC SOA blue print but I am not sure whether it will go any further until it gets backing from the organization devoted to the Business (like accounting or HR)

Road Ahead

Now given the time it takes to get the basic protocols itself to become standards, any thought of having Services Standards seems far away into the future. I get a feeling that we will loose this battle of standardization again. There is already talks about how XML eats into the CPU cycles and network bandwidth during (de)serialization and transport and how we should go back to good old days of binary protocols. These people have to understand that XML though not the best way to talk between machine, may be the best chance to make humans agree on standards. Also we should begin working on another set of standards on converting XML standards to a protocol that will suite computer more than human i.e. Binarization of XML standards This may be our only chance to get out of the endless technological cycles of standardization and take standards to a logical end. PS: Hmm...a prophetic dooms day ending makes it quite entertaining I hope even though it does not make any sense.

Empire: By Neall ferguson: My thoughts

2004-03-14T20:27:00.000-05:00

Just saw the history channel program on this book and got the basic idea about what this book is all about.(should have read this book before writing this article). Seems like it is a how-to book for building empires. So I thought I will add my thought on the subject. Basically this occured while reading the rise of the ottoman empire(one of the longest enduring empire 13/14th century to 19th century). If you look at the concept of genisaries and streach to administrative services we get ICS(Indian Civil Services). Knowingly or unknowingly the britishers developed a process of choosing the people (intellectual, receptive and monetarily successful but not traditional elite), "shock and awe" them culturally in their society, and then use them to govern the local people(since they feel themselves to be different from "barbarian" local population). This feature is quite apparent in most of the novels written by PremChandra (the great Indian novelist during pre-independence India). This seems to the way the British developed their civil service system which was used to rule India. The rulers/viceroy like Curzon and others may think they were working in interest of local population but being so far away from locals that there is no way they could have known what locals' interest were. But something that really worked over time in India's favour was that some of the elites got disillutioned with the "shock and awe" Birtish rulers' culture and so the mechanisms and institutions that were setup to rule Indian seems to have been turned against the British in the end. But one thing that I would really give to British is that they did not try to supress the movement using bullets. This may be due to the foolhardiness or underestimation of movement during initial stages and/or due to shear size of the movement at the later stage which may have resulted in violent rebellion. Besides that the idea that problems of world is not result of British Imperialism is at the very least laughable statement. The british rulers of the colonies without any consideration of local sentiments and possible consiquences drew the administrative/country lines which has been the point of contention for past 60 years. This may be because of the bankrupcy of the Britain after 2nd world war, complete lack of interest of ruling parties in leaving the existing colonies without any thought about the future and local leaders in rush to get "independence" thought that all the problems will be solved automatically when the Britishers will leave. This thinking, that imperialistic powers are needed to help the barbarians develop culture/democracy, is the base to any modern imperialism(since late mid-19th century) which tries to justify the cultural and social disruption of native people as humanitarianism and cultural assimilation. Anyway, this has been going on for century in one form or other and continue till we are part of civilization because of inherent human nature.

Labor market: I think I now get it?

2004-03-14T20:26:00.000-05:00

Let me try to build the model for the society in terms of labor. Basically the society/community at any place has a variety of people with different type of built-in skills. So that some of them may be very good in social engineering, while other may be better at analytical skill or at creative skills or at performing repetive jobs. This may be apparent in varing IQ, EQ or other "scientific" scores. Nature makes sure that the entire gamut of the people with varing skills are part of society in order to ensure the survival of species overtime. So any community will over time develop statas based on the skills of the people. Sometimes this startification may be enforced by society itself without regards to person's skills like in case of Hindu caste system or at other times social structure may skew in favour of specific skill set which does not follow the natural distribution skills like in highly industrialized western nations. These divergences in natural skill sets and required skill sets would result in unrest in the labour market which may have its own political and social impacts like protectionism, xenophobia, broadening gap between haves and havenots. But over time the nature adapts to the new skill requirement by the basic strategy of survival of the fitest. I am not sure how quickly nature can adapt. We know that the human typically has long reproduction cycle (female can start reproduction only after 14-18 years). But I think this would be offset by the large population size, improved health care and better communication and transport. The larger population size would ensure that more permutation and combination of genes are possible and improved health care would ensure survival of other wise "naturally unfit" people which have the skills required by society (This is based on assumption that skills is a combination of nature and nurture where nurture should be used to hone the natural skills which may be completely wrong). Besides that the better communication and transport facility means that societies skewed skill requirements can be met by migration of people to requirement or migration of work to places with skill set (example towns, university). Obviously the world and labor market in particular is more complex than the simplistic model I talked above. But it is good enough for me to understand the concept. I am not sure about how accurate is the idea of nature and nurture with nurture helping nature in case of mordern labor market. Given that the skills required are so dynamic that they change every decade the nature can not be expected to cope with it. In such a scenario, will nurture (i.e. incentives, training) help the society in getting the required skills. I donot think so!! There is a limit to how much nurture can help. Human, I guess, has an inherent limit to learning new skills, which degrades with age. So the aging (i.e. societies that have higher % of elderly people) and/or smaller societies are at a inherent disadvantage if they want to continue to be leader in skill business. Instead these society can succeed if they already have existing skills(like political, human and financial management) and power which can be used to control and develop the younger and bigger societies as "skill pool" to be used over time. How is this going to affect the controlling society which will have its own set of people who donot have the necessary skills or can not become part of elite who controls the "skill pool". Over time the difference between haves and havenots is going to increase, resulting in other social implications and may culminate in the social/economic status of have nots reaching the levels of haves in the "skill pool" society. With regards to younger/larger societies, they will continue to be puppets in the hand of the controlling society. Wow, this seems like a real dooms day scenario! Am I that depressed!! anyway, I donot think this conspiracy theory is going to play out, but it seems worst case scenario that, I hope, I am going to laugh at 5 years from now!!

Products and Frameworks

2004-02-29T20:19:00.000-05:00

I have thought about this for some time and in the recent time the discussions at TSS have got me thinking on this. For a start, I belong to that camp (I guess it is extinct) that would prefer hurd over linux (I wish linus had waited for some time). But over time I have realized that each domain, whether it is operating systems, application server or some other product, moves from monolithic systems to framework systems. This process takes its own time. The reason being that before a particular domain starts to grow, people do not have complete understanding about what the framework for that domain should look like. As the monolithic products hit the road, people starts seeing the marks. As the implementation grow, the vendors understand the domain better and can develop the framework that fit the domain. But by that time these monolithic applications have grown so big that vendors do not have any incentive to rewrite their products based on the framework and make the life of customer easier. But there are definitely some products out there which are result of reseach and thus are based on frameworks. At the moment the products like J2EE are at a level where the scope of the frameworks are getting re-defined. I will try to summarize what is going on and how things may proceed. J2EE So far J2EE has grown as a framework which specifies the lifecycle of the application in the container and it also specifies a set of services that may/should be made available(most of the time using the existing specification for that particular domain like Directory, JMS, etc) by the container to application. They did a great job at doing that. But as people started putting together the applications and vendors started developing products to match these specification, they realized that a lot of times people need to be able to configure the container itself for their application to work and the application framework is not good enough. At the same point the commercial products have more to offer in terms of services than what is required by specification which people will like to use. So what is really needed is an Application Server framework(I wish somebody does develop something similar for C - OpenGroup are you listening). In the parallel, people fed up with the complexity and cost of application servers or looking to develop a lighter, flexible and J2EE independent application framework, started developing frameworks for java applications. The frameworks like Avalon(My favourite - why do I always love stuff that most people do not care about), PICO and Spring were result of such requirements. Besides that there were a lot of framework based products were being developed to simplify the life of Java developers like struts, webworks(and similar web frameworks) for Front-end, hibernate for backend and so on. In addition to that advances and maturity in AOP and metadata attribute concepts and implementations were enticing people to utilize them in their application Now people are looking to utilize these various components to develop J2EE applications. But the framework was never meant to address the problems that people wanted to solve. So how should we proceed from here. Basically next generation framework will have to be for Application Servers instead of for applications. How would such a framework look like. Basically it may look something like Avalon ;-) Basically idea being that each of the services like Servlet-JSP/Front-end applications, JMS/Asynchronous Messaging, JNDI/Directory Discovery service, IIOP-Socket-/Synchronous Messaging-RPC, Scheduler/Time management, Transactions, Cache/Replication/clustering, EJB/Java Application with business logic, JDBC-Database Manager, Security Services, are themselves a service in the Application Server. Any of these services can be used by other services or application. So for example the Database Manger service may use cache service to provide better performance. Now some of the components/services like EJB, front-end applications can themselves be containers which host the applications.written by developers. These containers can be standard JSP or enhanced containers like strut or webwork or it may support AOP or other properietory thing that people want it to support. But it is important to define the lifecycle of these provider and especially the management/configuration interface(may be JMX is good enough). This would allow users to use a standard way to configure these containers for their applications and not bother with properietory files like weblogic.xml. At the same time J2EE should get out of the way in defining which service should be part of the specification. Any service that follows the java specification should be allowed to be part of J2EE specification as long as it is defined by one of JCPs. This will allow vendors to innovate and respond quickly to market requirements instead of waiting for the J2EE to pass it. So if tommorow vendor see that rules engine is in demand they should be able to ship it without breaking J2EE requirements. Another important aspect of the system is enhacement of these containers themselves by the application developers. With AOP showing the way, it may be prudent to design the specifications for generic containers that are extensible using various methods like configuration files, AOP or a properietory method. I think if we can lead J2EE along this path we will have more flexible system. Some may raise the question about how the application server companies will make money in such a system. I am not sure that we should worry about it. The basic application server vendors can continue to make money by shipping the complete product that provides a default implementation of all the services because there would be products developed that will have dependency over other services and even if you replace one component with new product, users will need all the other services to function well. So I do not see vendors being threatened by this system and at the same time it will allow the experts in particular fields to develop components that can easily be integrated into the system without developing properietory wrappers around them. This is more important for services like cache, transaction manager, security which cut through the all the services and the framework itself. In order for this to continue, another important component is JCP. Basically the JCP when defining the services/API should take into account the management aspect of it and develop the schema for the same. So each of the services should take into account that service providers will be developing them and will need to expose JMX interface that will allow external customers to tune these APIs at initialization or at runtime. Eventhough some of the services take that into account, this information is missing from most of the other places and results in chaos when the systems hit the street.

User Pain Lifecycle and an approach to solving the problem

2004-02-06T12:58:00.000-05:00

Basically why does a company buy a product even after building it in-house? I can think of some technical reasons (I am sure there a lot of non-technical reasons) -

Vendor has more subject matter expertise – A simple idea that if vendor has designed and developed a product, then vendor would have designed solution in an environment independent and framework model which can be used to address most of the use case out of box and at the same time can be extended to cover all the use cases.
Vendor will have more SME – As the time progresses, the vendor integrates products in more diversified environment and would have had to enhance the system for different use cases and so the when company will run into those use cases vendor would be able to provide solutions.
Vendor have dedicated resources and can spend more time, money and effort to make sure that the product works.

But given my limited experiences with new products, it seems that most of the time none of this is true.

Pain Life Cycle

Typically most of the companies have “pain” to start with and then some one comes up with an idea to solve the problem. So a small system is built to solve the pain which slowly starts getting accepted and enhanced. As the time progresses the small product grows to become a large product which fulfills most of the internal users need.

Depending on how good the architecture and coding team was the IT departments ends with a fine product or a blob of code that works but no body understand.

While this thing was going on, somebody (The Vendor) noticed that this requirement exists in a lot of places (the start of the hype) and so tries to· start building a product to address client needs (please note this may not apply to a few companies that are started by people from academic background). Marketing/Sales wants to get the the first few versions of the product to the market as soon as possible resulting in a faulty architecture, sloppy code and limited testing. This product has very basic functionality, is defective and is architecturally weak.

·At this point the media and analysts have started to pick on the hype and added words like “paradigm shift” and “next generation” to these requirement. At the same time company is in deep pain from managing the in-house developed blob of code.

The Company buys the product after some evaluations and pilots with no idea how the requirements are going to change over time.·

So the company ends up with a product that does not provide all the functionality that in-house product provided, does not integrate well in the environment of the company, is defective/unstable/bad performance and non-extensible.

Why do companies do that?

I don't know.

Another approach

But what if the company took a different approach -

Consortium of Vertical Industry users - So form a consortium of IT professionals who will come up with a set of use cases which are common to all the people. So instead of the vendors developing fuzzy use cases and even fuzzier standards around them, each vertical segment should have the requirements laid out. The consortium may have its own lab or donated labs where the products can be verified to be requirement compliant.
Selectively "Open-design" their internal product - Basically this is based on the idea that the products developed internally are superior to the first few versions of vendor products. So in order to cut down the time and provide vendors with roadmap, the customers can open-design(could not think of any other word) the high level design and development information which can be made either public or provided only to legitimate members. This will help vendors and other open-source developments to get a handle on "what client wants".
Share the experiences with the consortium - This is another important idea that must be used to ensure that the knowledge is not wasted and people can learn from the mistakes of other.4. Vendors Interface - Force vendors to implement the common features required by most of the members of consortium and make them follow a framework architecture.

Most of these thoughts are not something new and I guess people have not seen the benefits of sharing out weight the benefit of keeping their internal information secret. But till we don’t have a legal memory erasing device or a single giant enterprise, people will continue to change jobs and take these "internals secret" to the competitors. So why not do this sharing in a formal way especially when it is going to help achieve companies to·improve their core·functionality·and not·be obsessed with·IT.